SAP BusinessObjects Business Intelligence Platform
73 CVEs affecting SAP BusinessObjects Business Intelligence Platform. Latest disclosed: 2026-02-10. Critical: 6, High: 21.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-0018 | Critical | 10.0 | 2023-01-10 | Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an a… |
| CVE-2023-0022 | Critical | 9.9 | 2023-01-10 | SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the appli… |
| CVE-2020-6242 | Critical | 9.8 | 2020-05-12 | SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Managemen… |
| CVE-2020-6195 | Critical | 9.8 | 2020-04-14 | SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It in… |
| CVE-2020-26831 | Critical | 9.6 | 2020-12-09 | SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generati… |
| CVE-2020-6294 | Critical | 9.1 | 2020-08-12 | Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionaliti… |
| CVE-2022-35228 | High | 8.8 | 2022-07-12 | SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achi… |
| CVE-2020-6219 | High | 8.8 | 2020-04-14 | SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an atta… |
| CVE-2019-0398 | High | 8.8 | 2019-12-11 | Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to… |
| CVE-2025-0064 | High | 8.7 | 2025-02-11 | Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to gen… |
| CVE-2025-0061 | High | 8.7 | 2025-01-14 | SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interactio… |
| CVE-2023-42472 | High | 8.7 | 2023-09-12 | Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report c… |
| CVE-2023-0020 | High | 8.5 | 2023-02-14 | SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise res… |
| CVE-2023-24530 | High | 8.4 | 2023-02-14 | SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed… |
| CVE-2024-28165 | High | 8.1 | 2024-05-14 | SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which c… |
| CVE-2022-28213 | High | 8.1 | 2022-04-12 | When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML docume… |
| CVE-2026-0490 | High | 7.5 | 2026-02-10 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication… |
| CVE-2026-0485 | High | 7.5 | 2026-02-10 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to c… |
| CVE-2022-27667 | High | 7.5 | 2022-04-12 | Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access infor… |
| CVE-2021-40500 | High | 7.5 | 2021-10-12 | SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations… |